Andrew Dunstan <and...@dunslane.net> writes: > On 4/14/21 2:03 PM, Tom Lane wrote: >> This may mean that squeezing these contrib changes into v14 is a lost >> cause. We certainly shouldn't try to do what I suggest above for >> v14; but without it, these changes are just moving the security >> issue to a different place rather than eradicating it completely.
> Is there anything else we should be doing along the eat your own dogfood > line that don't have these security implications? We can still convert the initdb-created SQL functions to new style, since there's no security threat during initdb. I'll make a patch for that soon. regards, tom lane